Abstract
Cloud providers implement support for the System for Cross-domain Identity Management (SCIM) RFCs, which mandate only how users and groups are to be provisioned. Administrators of cloud platforms must therefore rely on third-party Identity Providers (IdPs) for group creation and management on the cloud platform. Empty or orphan groups consume storage and bookkeeping resources on the cloud platform, while a compromise or malfunction on the IdP end can exhaust cloud resources and/or impose costs on the cloud platform. This disclosure describes techniques to automatically detect and remove empty and/or inactive user groups using a periodically run mapping algorithm and/or suitably trained machine learning models. The described techniques reveal empty groups by mapping the relationships between users and groups and identifying groups that no user references (orphans). To account for the potential lag between group creation and membership assignment on the IdP side, detected empty groups are marked as candidates for deletion with a soft-deletion flag and an associated timestamp; the flag is removed if the group is updated. Otherwise, the group is permanently deleted after the specified number of days.
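The detect-flag-delete loop described above, written out as an added example that is not part of the disclosure. It assumes a minimal in-memory stand-in for SCIM Group resources (id, members, meta.lastModified), a configurable grace window (`GRACE_DAYS`, assumed to be 7), and a constructed sample inventory; a real deployment would read groups through the platform's SCIM endpoint instead.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Assumed retention window (days) before a flagged empty group is hard-deleted.
GRACE_DAYS = 7


@dataclass
class Group:
    """Minimal stand-in for a SCIM Group resource (constructed for this example)."""
    group_id: str
    display_name: str
    members: set
    last_modified: datetime                           # SCIM meta.lastModified
    delete_candidate_since: Optional[datetime] = None  # soft-deletion flag + timestamp


def map_user_to_groups(groups):
    """Map each user id to the set of group ids it belongs to."""
    mapping = {}
    for g in groups:
        for user in g.members:
            mapping.setdefault(user, set()).add(g.group_id)
    return mapping


def orphan_group_ids(groups):
    """Groups referenced by no user in the user->group mapping are orphans."""
    referenced = set()
    for gids in map_user_to_groups(groups).values():
        referenced |= gids
    return sorted(g.group_id for g in groups if g.group_id not in referenced)


def sweep(groups, now, grace_days=GRACE_DAYS):
    """One run of the periodic job.

    Returns (surviving_groups, actions), where actions maps each group id to
    'active', 'flagged', 'unflagged', 'pending' or 'deleted'.
    """
    grace = timedelta(days=grace_days)
    orphans = set(orphan_group_ids(groups))
    survivors, actions = [], {}
    for g in groups:
        if g.group_id not in orphans:
            # Group has members: never a candidate, clear any stale flag.
            g.delete_candidate_since = None
            actions[g.group_id] = "active"
            survivors.append(g)
        elif g.delete_candidate_since is None:
            # First time seen empty: soft-delete flag with timestamp, keep it.
            g.delete_candidate_since = now
            actions[g.group_id] = "flagged"
            survivors.append(g)
        elif g.last_modified > g.delete_candidate_since:
            # IdP touched the group after it was flagged: remove the flag.
            # If it is still empty on the next run it gets a fresh timestamp.
            g.delete_candidate_since = None
            actions[g.group_id] = "unflagged"
            survivors.append(g)
        elif now - g.delete_candidate_since >= grace:
            # Flagged, untouched, and past the grace window: hard delete.
            actions[g.group_id] = "deleted"
        else:
            # Flagged but still inside the grace window: wait.
            actions[g.group_id] = "pending"
            survivors.append(g)
    return survivors, actions


def sample_groups(now):
    """Constructed sample inventory that exercises every branch of sweep()."""
    def days_ago(n):
        return now - timedelta(days=n)
    return [
        Group("g-eng", "engineering", {"alice", "bob"}, days_ago(30)),
        Group("g-new", "new-empty", set(), days_ago(0)),
        Group("g-stale", "stale-empty", set(), days_ago(20), delete_candidate_since=days_ago(10)),
        Group("g-touched", "touched-empty", set(), days_ago(2), delete_candidate_since=days_ago(10)),
        Group("g-recent", "recent-empty", set(), days_ago(30), delete_candidate_since=days_ago(3)),
    ]


if __name__ == "__main__":
    now = datetime(2025, 4, 14, tzinfo=timezone.utc)
    survivors, actions = sweep(sample_groups(now), now)
    for gid, action in actions.items():
        print(f"{gid}: {action}")
```

The comparison of `meta.lastModified` against the flag timestamp is what implements "removed in case of an update to the group": a group the IdP is still populating loses its flag rather than being deleted on a later run, while a group nobody has touched for the whole grace window is the one actually removed.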
Creative Commons License
This work is licensed under a Creative Commons Attribution 4.0 License.
Recommended Citation
Reddem, Dileep, "Resource Optimization in Cross Cloud Identity Synchronization", Technical Disclosure Commons, (April 14, 2025)
https://www.tdcommons.org/dpubs_series/8005